Readers' Forum - June 2004

by Rob Zorn
from the June 2004 Newsletter

If you'd like to ask a question or request some help on any Actrix or Internet-related matter. Simply send me an e-mail with the word "Forum" in the subject line. I'll try and answer your question by return e-mail, and will also post the answer here for the benefit of others who may have a similar question or problem. By the same token, if you read something here and think you may have something to suggest, please feel more than free. Please also note that questions and answers may turn up under the Helpful Tips section on the Actrix home page (www.actrix.co.nz).

Roger writes: I have a question that reflects a number of conversations we have had locally regarding the influx of aggressive virus attacks we are all experiencing today. Could tell us how you catch up and keep ahead of the attacks as they are released on the internet? How do you find out about the attacks, counter them and set the counter in motion? And, of course what can we do to help you and ourselves?

By the way, Rob, it's real pleasure not having to keep deleting affected emails any more... thanks to your CyberScan anti-virus service. All the best to you and Actrix. Roger

Hi Roger, These are some good questions. I'll try and answer from the point of view of the individual user and from the point of view of the ISP.

There are two types of anti-virus scanners that can protect you and they both work in pretty much the same way. Actrix has server based anti-virus scanners that sit on our mail servers. Every e-mail that comes in for each customer is scanned for known viruses and blocked or deleted if it can't be repaired (and most can't). The virus scanner is really just software (a computer program) written and provided by one of many anti-virus companies.

These anti-virus companies examine every new virus the minute it is found in the wild and usually manage to create a way to identify it within a few hours of its discovery (this way of identifying the virus is called a "definition"). They have people all around the world who continually send them any file they have found that they think is a virus.

They then make that "definition" available for download to all their customers (in this case the ISP running the anti-virus scanner is the customer). Our virus scanners are set to check back with the anti-virus company every hour or so of every day. This is so that they can download the very latest definitions and begin protecting customers without delay. The virus scanning software reads any code attached to any e-mail that comes through them. If the code matches the virus definition they now know about, they can block the virus from coming through to the customer

We're dependent on the anti-virus company in that regard. If they are slow to provide a definition for a new virus, we are slow to provide protection, but they realise they are in a competitive market (there are lots of companies) so they usually come through pretty quickly.

Customers are also able to download their own personal anti-virus programs. In reality, these are pretty much the same programs as the ISP uses, but they are easier to install and generally better designed for novice use. They work the same way though, by downloading definitions from whichever company makes them and loading them onto the customer's own computer.

These personal programs stand in front of the customer's e-mail program (e.g. Outlook Express) and check all incoming mail before it gets through. They then usually quarantine the infected e-mail, placing it in a file where it will not be allowed to run or do any damage until the customer can delete it.

The big advantage of having your own personal anti-virus program is that it can usually also help protect you from viruses you don't get through e-mail (such as ones you might download by mistake, or ones that connect to you straight across the Internet). Also, no ISP will guarantee you protection. It is unlikely that the anti-virus servers will fall over (there are always configured back-ups) but it is theoretically possible.

Most customers aren't able to update their anti-virus definitions every hour as it is quite a drain on the resources of a 56K modem, but customers can help themselves (and others) by using their own anti-virus programs and updating them regularly. It used to be suggested that you update on a weekly basis, but with the prevalence of new viruses lately, this should increase to twice weekly at the very least, as well as every time you read or hear about a new virus (even if you just updated the day before).

When an individual becomes infected, they not only hurt themselves and their own machines. They usually end up sending the virus out (over and over again) to everyone in their address book. Sometimes they also get harvested as spamming machines and end up being used by others to send Spam out, further contributing to this annoying problem as well.

The two other things that customers have GOT to get used to doing are the following:

1. Use the Windows Update page regularly (at least once per month - http://windowsupdate.microsoft.com). This will update their computers to get rid of the security vulnerabilities that the viruses exploit. Security vulnerabilities are like unlocked doors in a house that Microsoft didn't realise were there when they released their software. The virus becomes like a thief who sneaks in through an unlocked door he knows is there. The Windows Update page will install "patches" which are like updates to the affected programs that lock the doors that have been discovered to be unlocked. You can get to the Windows Update page by opening Internet Explorer and clicking Tools and then Windows Update. Our help desk would also love to assist anyone who isn't sure how to use the page (0800-228749).

2. DON'T CLICK ATTACHMENTS that you don't know about. Many viruses come as attachments to e-mails but they don't announce that they are viruses. They look like something else and they come attached to an e-mail that often has text in it trying to convince the user to click the attachment. The rule of thumb is to never, Never, NEVER click anything that you didn't ask for, or that comes from someone you don't know, even if it does promise to be something great, or even if it claims to be something you need to click in order to protect your computer. One common thing is for viruses to masquerade as a patch that will protect the user from viruses. Remember, no anti-virus company will send out patches. You can bet that any unsolicited "patch" is actually a virus.

I hope that helps!

Chris writes: Hi there Rob - I'm hoping you can help me with the solution a small problem that, so far, has eluded everyone else I've asked. When I open Internet Explorer it comes up full size just as it always did - but when I click a link that automatically open a new browser window, it opens up tall & skinny - about 40% of the screen width and 80% of the screen height. -

If I resize the tall skinny browser window by dragging all four sides, all subsequent windows opened will open full size - but only for that particular session. The next time I open Internet Explorer, all windows subsequent to the first will be shrunk again!  Regards, Chris

Mike Cooper from the Actrix help desk responds: Hi Chris, The problem you describe is quite a common issue, and fortunately reasonably easily solved.

When you next open an Internet Explorer window, reshape it to the size you require (most probably filling the entire screen). The easiest way to do this is to double click on the blue title bar at the top of the Internet Explorer window. Once you have done this, simply hold down the CTRL key on your keyboard, then click on the X at the top right of the window to close it (whilst still holding down the CTRL key). You will need to make sure you only have one INTERNET EXPLORER window open when you do the above. When you next open Internet Explorer is should be at the appropriate size.

If this doesn't solve the problem for you, let us know and we will attempt to find another solution.

Francis writes: Rob, some chap in England that I do not know and have never knowingly contacted, received an email from me, and replied to it saying that he would kill me if I did not stop sending him viruses. I checked that my Norton Antivirus protection was up to date, and did a complete scan, but nothing was found. How is this possible?

Hi Francis, One of the worst things about viruses, and one of the ways in which they are cleverly designed, is that they send themselves on to others but use a fake e-mail address.

A typical virus, once it has infected a computer, will then scan that computer and learn every e-mail address it can find in your Address Book, your documents and in any web pages you've visited that are still stored on your computer. It then chooses one of those and uses that as a pretend sending address when it sends itself on.

So, the viruses the guy in England is receiving don't come from you. They come from some other machines that is infected, but whichever virus it is, it is pretending to come from you because it has learned of your e-mail address from somewhere else.

Some viruses can communicate back to their maker, or can download additions to themselves once they are installed. In this way, e-mail addresses from all around the world can be harvested and shared, so tracking down how this virus got your e-mail address is near on impossible.

The guy in England is rightly annoyed, but he is annoyed at the wrong person. As time goes by, people will become more familiar with how these nasties work, and will be less inclined to make threats against the apparent sender.

I hope that helps. Feel free to send this response on to your new friend.